Previous Top News 2003

EPIC Year in Review. EPIC's survey of the 2003 Privacy Year in Review notes the collapse of Total Information Awareness, surveillance cameras in schools, a Supreme Court victory for privacy, legal battles over the Do Not Call list, busted luggage locks, anti-terrorism laws used for routine criminal investigations, and a conservative radio commentator asking for privacy. (Dec. 31)

Report Criticizes Total Information Awareness. The Department of Defense's inspector general has released a report (pdf) criticizing the agency's lack of consideration of privacy concerns when developing the Total Information Awareness system. The report states that the lack of a formal assessment on the privacy implications for U.S. citizens meant the Pentagon "risks spending funds to develop systems that may be neither deployable nor used to their fullest potential without costly revisions and retrofits." For more information, see EPIC's Total Information Awareness page. (Dec. 31)

Doc's Cover Palladium Privacy, Unique Identifier Issues. EPIC has obtained documents from the National Institute of Standards and Technology under the Freedom of Information Act describing Microsoft Palladium. The documents (pdf 980k) describe Palladium's applications for Digital Rights Management and note that the technology embeds "unique machine identifiers," thus raising risks that user behavior may be subject to traffic analysis. Issues raised by Palladium, which is now known as the Next Generation Secure Computing Base, are similar to privacy problems with the controversial Intel Pentium Serial Number. For more information, see Big Brother Inside and the EPIC Palladium and Digital Rights Management Pages. (Dec. 23)

Appeals Court Rejects Recording Industry Subpoenas. The U.S. Court of Appeals for the D.C. Circuit has ruled against the recording industry's attempts to compel Internet service providers to identify their subscribers. The panel opinion (pdf) is a major setback for the industry's anti-piracy campaign and a significant victory for Internet users' privacy rights. EPIC and other public interest groups filed an amicus brief (pdf) supporting Verizon's challenge to the RIAA subpoenas. For more information, see EPIC's RIAA v. Verizon page. (Dec. 19)

Officials Question DC Police Handling of Political Demonstrations. The D.C. Council Judiciary Committee is investigating police practices in a two day hearing, "Current Policies and Practices of the Metropolitan Police Department Related to Demonstrations within the District." The Committee is examining the intelligence-gathering activities, pre-emptive actions to prevent public assembly, mass arrests and detentions, and excessive use of force. EPIC has drafted a letter supporting these efforts and urging the Council to include in its examination, police use of surveillance in the Nation's Capital. For more information, see EPIC's Protester Privacy page. (Dec. 17)

US, EU Reach Deal on Passenger Data Transfer.The European Commission has temporarily agreed to provide the United States with information on its airline passengers traveling to the U.S. The agreement comes after a year of negotiations in which the U.S. has sought expansive access to EU passenger information. The agreement may still violate European privacy laws and faces opposition from the European Parliament. For more information, see EPIC's EU-US Airline Passenger Data page. (Dec. 17)

EPIC Seeks Privacy Protection for Internet Telephony. EPIC urged the Federal Communications Commission to address the privacy implications of Voice over Internet Protocol (VoIP), a technology that enables Internet telephony. In a letter to the agency, EPIC recounted the FCC's past actions to protect privacy, and argued that the adoption of genuine privacy practices will accelerate the adoption and security of Internet telephony. For more information, see the EPIC Internet Telephony Page. (Dec. 15)

EPIC Files Amicus Brief in Supreme Court ID Case. EPIC, joined by several scholars and technical experts, has filed a "friend of the court" brief in Hiibel v. Nevada, a case in which the Supreme Court will determine whether an individual may refuse to identify himself to police when there is no probable cause to arrest. The brief discusses how existing information systems, such as the National Crime Information Center (NCIC) and the Multi-State Anti-Terrorism Information Exchange (MATRIX), may become systems of public surveillance. EPIC is urging the Court to ensure that the police do not use stop-and-frisk situations for fishing expeditions of government computer databases. For more information, see EPIC's Hiibel v. Nevada Page. (Dec. 14)

UN Summit Security Raises Privacy Issues. Independent researchers attending the Word Summit on the Information Society (WSIS) have issued a report revealing security and privacy flaws in the security system used to control access to the UN Summit. When participants were required to obtain security badges, they were not informed of the built-in SmartCards and Radio Frequency Identification (RFID). Such technology can be triggered remotely without the cardholder noticing and allows cardholders to be tracked in their attendance at the Summit. The UN General Assembly Resolution 45/95 calls for privacy principles that include the right to know what information is collected, how it is used, and how long it will be retained. Participants at the UN Summit were not aware of their surveillance and were not provided with any information on privacy policies and procedures. For more information on RFID's and human rights, see EPIC's Privacy and Human Rights Report. (Dec. 10)

UN Summit on the Information Society Begins. Civil Society groups from around the world are meeting this week in Geneva to urge national governments to safeguard human rights and to promote full participation in the information society. UN Secretary General Kofi Annan has called for "an information society ñ open and inclusive ñ in which knowledge empowers all people and serves the cause of improving the human condition." EPIC has launched an upgraded Public Voice web site to focus attention on the work of civil society organizations. (Dec. 10)

Embassy Warned Gov't of ChoicePoint Privacy Invasion. EPIC has obtained a message (pdf) under the Freedom of Information Act from the American Embassy in Mexico to US government officials regarding the acquisition of Mexican's personal information by ChoicePoint. The message alerted the White House, the Department of Homeland Security and other agencies that Mexican newspapers and political leaders objected to the transfer of voting and driving records to ChoicePoint, and warned that "a potential firestorm may be brewing." For more information, see the EPIC Public Records Page. (Dec. 8)

EPIC Testifies Before "9/11 Commission". EPIC Executive Director Marc Rotenberg spoke today to the National Commission on Terrorists Attacks on "Security and Liberty." His statement (pdf) emphasized the important history of privacy protection, the problems with new systems of surveillance, and the specific need to preserve Constitutional checks and balances. The hearing will be broadcast live on C-SPAN 2. (Dec 8)

President Signs Credit Reporting Bill. President Bush has signed the "Fair and Accurate Credit Transactions Act of 2003." The bill preempts some state privacy protections, but includes a number of improvements to credit reporting law, including free credit reports annually. EPIC testified twice before Congress in support of strong privacy protections for medical and affiliate-shared information. For more information, see the EPIC Fair Credit Reporting Act and Preemption Pages. (Dec. 5)

Supreme Court to Hear Two Privacy Cases. The Supreme Court will consider today whether a person must prove actual damages to recover a statutory minimum award when the government wrongfully discloses a Social Security Number. EPIC, and a coalition of civil liberties organization and technical and legal experts, has filed a friend of the court brief (pdf) in Doe v. Chao which argues that the Privacy Act provides damages for those who suffer "adverse effects." The brief points to the dangers of SSN disclosure, the tradition of providing similar awards in other privacy laws, and the history of the Privacy Act. The Court will also consider whether the autopsy photos of Vince Foster should be disclosed to the public. In Office of Independent Council v. Favish, the Supreme Court will decide whether the public's right to obtain certain government information outweighs the privacy rights of the deceased's surviving family members. (Dec 3)

California to Require Paper Printouts for Electronic Voting. California Secretary of State Kevin Shelley announced today (pdf) that the state will require "Voter Verified Paper Audit Trails" for all touch screen voting machines by 2006. The proposal is strongly favored by technology experts, including members of the National Committee for Voting Integrity. For more information, see the EPIC Voting page. (Nov 21)

New Voting Group Launched. The National Committee for Voting Integrity will hold a press conference today in Washington, DC to urge Presidential candidates to address the integrity of electronic voting systems. Details to follow. (Nov 21)

Coalition Recommends Privacy Practices for RFID. EPIC and a coalition of privacy organizations have released a position paper on the use of radio frequency identification systems (RFID) as a replacement to bar codes on consumer products. The paper, which was delivered at a RFID Policy Workshop at MIT, recommends a framework of Fair Information Practices for data collected by the technology. For more information, see the EPIC RFID Page. (Nov 17)

Gore Calls for Repeal of Patriot Act. Al Gore, speaking on "Freedom and Security" at an event sponsored by moveon.org and the American Constitution Society, called for the repeal of the Patriot Act. The former vice president said that the law had done little to safeguard America. For more information, read the text of speech and see the EPIC Patriot Act page. (Nov 10)

Complaints Show Need For Telemarketing Registry. Today, the 10th Circuit Court of Appeals will hold a hearing in a challenge brought by telemarketers to the national Do-Not-Call Registry. In recognition of this event, EPIC has posted complaints to the Federal Communications Commission obtained under the FOIA that clearly demonstrate the need for a national Do-Not-Call Registry. For more information, see the EPIC Do-Not-Call Timeline and the Telemarketing Page. (Nov 10)

Students Battle Diebold Over Memos. Members of the Swarthmore Coalition for the Digital Commons, a student organization at Swarthmore College in Pennsylvania, are taking heat from Diebold Election Systems for hosting web pages linked to thousands of leaked Diebold memos that detail flaws in the company's voting machine software. The company claims posting such information is a violation of the Digital Millennium Copyright Act, and has sent out cease-and-desist letters to force websites and ISP's to take down the memos, which Swarthmore has complied with. However, the students have continued to protest, claiming the company is suppressing free speech. For more information, see EPIC's voting page. (Nov 3)

NGO's Urge ICANN To Safeguard Privacy. More than 50 consumer and civil liberties organizations from around the world have written to the Internet Corporation for Assigned Names and Numbers (ICANN) President to urge him to limit the use and scope of the WHOIS database to its original purpose - the resolution of technical network issues - and to establish strong privacy protections based on internationally accepted privacy standards. ICANN is currently meeting in Carthage, Tunisia, to discuss the WHOIS database, which broadly exposes domain registrants' personal data to a global audience, including criminals and spammers. For more information see the EPIC WHOIS page. The WHOIS letter is also available in French and Spanish. (Oct 29)

Members Object to New Postal Rule. Senator Lieberman (D-CT) and Representatives Waxman (D-CA), Obey (D-WI) and Olver (D-MA) have sent a letter (pdf) to the Postal Service urging the agency to revisit a new "cooperative mailing" rule, which becomes effective on November 13. The rule allows for-profit bulk mailers to use discounted mailing rates when making solicitations under the guise of charities. The rule is likely to exacerbate the junk mail problem, increase solicitations where the mailer pockets most of the donations made to the charity, and encourage bulk mailers to create fake charity groups in order to attract donations. For more information, see the EPIC Postal Privacy Page. (Nov. 11)

Senate Action on Credit Privacy Imminent. The U.S. Senate will debate S. 1753 next week, a bill that would permanently invalidate stronger state credit privacy laws. The New York Times and state legislators have editorialized against passage of the legislation, favoring strong privacy and identity theft protections. For more information, see the EPIC FCRA Page. (Oct 28)

Senators Request JetBlue Investigation. A trio of senators have sent a letter to Secretary of Defense Donald Rumsfeld, calling for an investigation into whether the Department of Defense violated Privacy Act regulations in its dealings with JetBlue Airways. In the letter, Susan Collins (R-Me.), Joe Lieberman (D-Conn.), and Carl Levin (D-Mich.) call on Rumsfeld to determine why Torch Concepts, a Department of Defense contractor, solicited passenger information from JetBlue and whether or not this action was a violation of the Privacy Act of 1974. EPIC has filed expedited Freedom of Information Act requests with several federal agencies to learn more about the uses of the disclosed JetBlue passenger records. For more information, see EPIC's passenger profiling page. (Oct. 21)

Senate Passes Ban on Genetic Discrimination. The Senate has unanimously passed the Genetic Information Nondiscrimination Act of 2003, S.1053 which prohibits discrimination in health insurance on the basis of genetic information. Employers are also prohibited from discriminating in hiring, promotions or in any other way on the basis of genetic information or on the basis of a request for genetic services, prohibited from requiring genetic tests or from purchasing genetic information. The legislation now goes to the House for debate. For more information, see EPIC's genetic privacy page. (Oct. 21)

Supreme Court to Review Nevada ID Law. The Supreme Court announced yesterday that it will consider Hiibel v. Sixth Judicial District Court of Nevada, a case that will determine whether an individual who has not been arrested may refuse to identify himself to a law enforcement officer. EPIC and others will file a "friend of the court" brief. The Court will hear oral arguments in the case early next year. (Oct. 21)

EPIC, PIRG Comment on Security Notices. In comments to the Department of the Treasury, EPIC and the U.S. Public Interest Research Group urged the agency to strengthen a proposed guidance on security notices to bank customers. The proposed guidelines specify when a financial institution must give notice to a customer when their personal information has been accessed without authorization. The comments urge the agency to expand the definition of "sensitive consumer information," and to require financial institutions to report statistical information on all security events to federal regulators. For more information, see the EPIC Gramm-Leach-Bliley Act Page. (Oct. 14)

Int'l Consumer Protection Act Moves Forward. The House Committee on Energy and Commerce has reported out the International Consumer Protection Act, a law that would enable the Federal Trade Commission to prosecute cross-border fraud. The amended bill takes into account several recommendations EPIC made in a hearing last month including stronger privacy and procedural safeguards, less government secrecy, and new reporting requirements. A similar measure in the Senate still faces objections from civil liberties organizations. (Oct. 2)

OMB Issues Privacy Guidelines for Agencies. The Office of Management and Budget has issued guidelines to federal agencies on implementing the privacy provisions of the E-Government Act of 2002. The guidelines govern how the agencies handle and protect personally identifiable information. Agencies will now be required to conduct privacy impact assessments of their electronic information systems and post their privacy policies on their web pages, among other stipulations. (Oct 2)

EPIC Urges Halt to CAPPS Air Profile System. Concluding that the controversial CAPPS II air passenger profiling plan is "precisely the sort of system that Congress sought to prohibit when it enacted the Privacy Act of 1974," EPIC has urged the Transportation Security Administration (TSA) to suspend its development until its significant privacy issues are addressed. The recommendation is contained in formal comments (pdf) EPIC submitted to the agency in response to a Privacy Act notice TSA published two months ago. See EPIC's Passenger Profiling page for background information. (Sept 30)

FCC Will Enforce DNC Registry; FTC Appeals Do Not Call Decision. Following the issuance of an order (pdf) by the 10th Circuit Court of Appeals denying a request to delay implementation of the Do-Not-Call Registry, the Federal Communications Commission announced that it will begin enforcing it beginning Wednesday, October 1. In a related case, the Federal Trade Commission has filed a notice that it will appeal (pdf) a Colorado district court's decision (pdf) that invalidated the Registry on First Amendment grounds. Individuals can still enroll in the registry by visiting donotcall.gov. For more information, see the EPIC Telemarketing Page. (Sept 29)

Congress Kills Total Info Awareness Project. Congress has eliminated funding for the controversial Total Information Awareness (TIA) project and closed the Pentagon's Information Awareness Office, the entity that housed TIA and was formerly headed by Adm. John Poindexter. This does not, however, necessarily signal the end of other government data-mining initiatives that are similar to TIA. Projects such as the Novel Intelligence from Massive Data within the Intelligence Community Advanced Research and Development Activity (ARDA) will apparently move forward. See EPIC's Total Information Awareness Page for more information. (Sept 26)

TSA: No Privacy Assessment for CAPPS II. In response to a Freedom of Information Act lawsuit filed by EPIC, the Transportation Security Administration has revealed (pdf) that it has not yet finalized a "Privacy Impact Assessment" for the controversial CAPPS II passenger screening system. The system has been under development for almost two years and the subject of public and Congressional privacy concerns. The disclosure comes as Congress has blocked deployment of CAPPS II until the GAO studies its privacy implications. See EPIC's press release for more information. (Sept 25)

Federal Court Blocks FTC Do-Not-Call List. A federal court in Oklahoma has found (500k pdf) that the Federal Trade Commission exceeded its authority in creating the telemarketing Do-Not-Call registry. UPDATE: The House of Representatives has ratified the FTC's authority to create a Do-Not-Call list by a 412-8 vote. Senate action is still pending. The FTC has filed a stay to delay the effective date of the court's ruling. For more information, see the EPIC Telemarketing Page. (Sept 24)

EPIC Urges End To Homeless Surveillance Proposal. EPIC, joined by eight civil liberties groups, submitted comments to the Department of Housing and Urban Development, urging the agency to reformulate its Homeless Management Information System. As proposed, the system would lay the groundwork for a national homeless tracking system, placing individuals at risk of government and other privacy invasions. For more information, see the EPIC Poverty and Privacy Page. (Sept 23)

Data Commissioners Call for Passenger Data Protection.A resolution was passed at the International Conference of Data Protection and Privacy Commissioners last week in Sydney, calling for "an international agreement stipulating adequate data protection requirements, including clear purpose limitation, adequate and non-excessive data collection, limited data retention time, information provision to data subjects, the assurance of data subject rights and independent supervision." The resolution supports the current stance of the EU, which has rejected U.S. requests to transfer European passenger data until more stringent privacy safeguards are in place. (Sept 18)

EPIC Urges FTC To Investigate Credit Reporting Marketing Practices. In a complaint filed with the Federal Trade Commission, EPIC has urged the agency to investigate the marketing practices of credit reporting agency Experian. The company broadly disseminates advertising offers for "free" credit reports, but actually provides an expensive credit monitoring service that individuals must cancel within thirty days. Experian's advertising is not only misleading, it also stokes fears of inaccuracy in credit reports in order to drive up sales of the company's products. For more information, see the EPIC FCRA Page. (Sept 17)

EPIC to Testify on Int'l Consumer Protection. EPIC Executive Director Marc Rotenberg will testify tomorrow before a House Subcommittee on the need to address the problem of cross-border fraud while preserving important civil liberties safeguards. The Congress is considering a measure that would provide greater authority to the Federal Trade Commission to combat cross border fraud. Rotenberg supported the effort, but said that provisions that reduce privacy safeguards, limit government oversight, and diminish legal safeguards should be removed. Rotenberg also said that privacy safeguards are necessary for the WHOIS database to reduce the growing problem of Internet-based fraud. The hearing will be webcast at 10 a.m. EDT. (Sept 16)

Coalition Urges Protection of Health Info. EPIC, the Health Privacy Project and 28 other health care advocacy, labor, consumer, disability rights, and health care provider groups sent a letter to Health and Human Services Secretary Tommy Thompson urging him to affirm that protected health information sent through the banking network must be accessible only to providers and health plans for whom it is intended. Financial institutions have expressed interest in data mining electronic transactions that flow through the banking system in order to gain information for use in marketing and credit risk evaluation. The Privacy Rule includes guidance that requires protection of health information in banking transactions, but the banking industry has been asking the Office for Civil Rights to revise or retract this earlier guidance. For more information about the Privacy Rule, see EPIC's Medical Privacy Page. (Sept 10)

Coalition Alerts Congress to Homeless Surveillance System. EPIC and a coalition of 24 privacy, civil liberties, and homeless advocacy organizations sent a letter to Congress today to warn Members of the Department of Housing and Urban Development's plans to create a homeless surveillance program. The program, known as Homeless Management Information Systems, collects detailed personal information on the homeless, and enables it to be shared regionally. The program raises risks of a national, centralized homeless tracking system, risks to domestic violence victims who are seeking shelter, and heightens the ability of law enforcement to gain access to personal data. The public can comment on the program until September 22, 2003. For more information, see the EPIC Poverty and Privacy Page. (Sept 9)

EPIC Lawsuit Compels Release of Profiling Info. One day after EPIC applied for an emergency court order (pdf) requiring the immediate release of documents concerning the Computer Assisted Passenger Prescreening System (CAPPS II), the Transportation Security Administration (TSA) has relented. In a formal submission (pdf) filed with the federal court in Washington, TSA has agreed to complete processing the material by September 25, five days before public comments are due on TSA's proposed Privacy Act notice for the controversial system. (Sept 8)

EPIC Releases Privacy and Human Rights Report. In a press conference at the National Press Club on September 5th, EPIC released the 2003 Privacy and Human Rights Report. This extensive survey examines the state of civil liberties and privacy rights around the world. Key topics include new technologies of surveillance, such as Total Information Awareness in the U.S., the use of biometric identification, and the public response to governments' increasing violations of individual privacy. The event was webcast. The EPIC press release details the contents of the report. (Sept 5)

FTC Releases Strong ID Theft Findings, Weak Recommendations. The Federal Trade Commission released a report finding that identity theft imposes billions of dollars of costs, and millions of hours of wasted time upon society. However, the agency's recommendations to address identity theft were entirely reactive, and likely to exacerbate the crime. The recommendations primarily addressed how victims can recover from the crime, including the use of uniform identity theft affidavits. Additionally, the agency recommended that Congress preempt state credit laws, which will worsen the problem by preventing states from passing strong identity theft legislation. For more information, see the EPIC Privacy and Preemption Page. (Sept 5)

EPIC, Organizations, Scholars, and Experts File Brief in Supreme Court Privacy Case. EPIC, 12 privacy organizations, and 16 legal scholars and technical experts have filed an amicus brief in Doe v. Chao, a case concerning the wrongful disclosure of the Social Security Number. The friend of the court brief argues that the Privacy Act provides damages for those who suffer "adverse effects." The brief points to the dangers of SSN disclosure, the tradition of providing similar awards in other privacy laws, and the history of the Privacy Act. More information is available at EPIC's Doe v. Chao Page. (Aug 27)

Tampa Scraps Face-Recognition System. The Tampa Police Department this week abandoned face-recognition technology after the Identix system failed to produce any positive identifications. The camera-based system scanned the faces of tourists, residents, and visitors in Ybor City and then compared the images with police mug shots. No arrests resulted. The Identix system is still in operation in Virginia Beach and Great Britain. Several studies have shown that face-recognition technology is ineffective and error-ridden. See EPIC's Face Recognition, Video Surveillance, and Observing Surveillance pages. (Aug 20)

EPIC Alerts Public to Homeless Tracking System.Proposed guidelines (pdf) to create a homeless tracking database called "Homeless Management Information Systems" present serious risks to civil liberties. EPIC has released a new fact sheet (pdf) detailing the risks, and urging the public to send comments to the Department of Housing and Urban Development in opposition to HMIS. For more information, see the EPIC Poverty and Privacy Page.(Aug 19)

Poindexter Resigns But Defends "Total Info" Plan. In a letter (pdf) to the Director of the Pentagon's research agency, retired Admiral John Poindexter has formalized his resignation as head of the Information Awareness Office. He defends the controversial Total Information Awareness program and cites the Privacy with Security (pdf) study as an example of his office's efforts to "protect the privacy of innocent people." That study was first released as a result of an FOIA lawsuit filed by EPIC. See EPIC's Total Awareness Page for background information. (Aug 14)

Maryland To Audit Electronic Voting Machines. Maryland Governor Bob Ehrlich has called for an independent review of touch-screen voting machines after security researchers found flaws in the Diebold voting machines that Maryland purchased for $56 million. More information at Verified Voting. (Aug 12)

FOIA Records Details of Attempts to Track Legislators. EPIC has obtained Federal Aviation Administration transcripts (pdf) and audio recordings concerning a request by the office of US House of Representatives Majority Leader Tom DeLay (R-TX) to track Texas Legislators fleeing the State by plane. The audio recordings of telephone conversations between the FAA's Washington Operations Center and various field employees indicate that the FAA employees were misled into believing that the request to track the legislators was part of an official Congressional investigation. (Aug 8)

HUD Announces Homeless Tracking System. The Department of Housing and Urban Development announced guidelines for "Homeless Management Information Systems" (HMIS). HMIS is a standard system for tracking homeless persons and the services rendered to them. Although the plan does not call for a national, centralized database, the information collected could easily facilitate the creation of such a database in the future. Law enforcement, Secret Service, and National Security access to the database would be nearly unlimited. The guidelines are open to public comment until September 22, 2003. For more information, see the EPIC Poverty and Privacy Page. (Aug 6)

Air Passenger Profiling System Revised. The Transportation Security Administration (TSA) has published a revised notice (pdf) concerning the controversial Computer Assisted Passenger Prescreening System (CAPPS II). In response to hundreds of critical comments received on an earlier notice, TSA will limit the amounts of personal data collected and shorten the retention period. But CAPPS II will be used for enforcement purposes beyond aviation security, and sources of data may not be disclosed to the public. TSA is soliciting public comments for 60 days. See TSA's press release and EPIC's AIR Travel Privacy page. (Jul 31)

Wyden Bill Seeks to Control Gov't Database Use. Sen. Ron Wyden has introduced the Citizens' Protection in Federal Databases Act (pdf) to hold government agencies accountable for the use of private and personal information. It requires detailed reporting and prohibits the use of databases to explore "hypothetical scenarios." In a press release, Wyden said Congress "cannot stand by and allow the government to shine a spotlight onto the personal records of law abiding citizens who have a constitutionally protected right to privacy." FBI documents (pdf) obtained by EPIC show that Bureau use of private databases increased by 9600 percent over a ten-year period. (Jul 30)

Senate Nixes Domestic Spy Plan. The United States Senate has voted unanimously to block funding for the Total Information Awareness program. According to the Defense Department appropriations, no funding "may be obligated or expended on research and development on the Terrorism Information Awareness program." The Administration lobbied to keep the funding intact. See the EPIC Total Information Awareness Page. (Jul 18)

Wal-Mart Cancels "Smart Shelf" Plans. Wal-Mart announced on July 9, 2003, that it would not move forward with plans to tag consumer products with Radio Frequency Identification (RFID) chips. Although Wal-Mart says the move simply reflects a corporate decision to implement RFID technology in warehouses and distribution centers instead of retail stores, concerns about the misuse of data gleaned from the tracking devices have prompted a public outcry against the technology. For more information, see the EPIC RFID Page. (Jul 16)

EPIC Urges Protections for the SSN. In testimony before the House Ways and Means Subcommittee on Social Security, EPIC urged Congress to pass comprehensive legislation to protect the privacy of the Social Security Number. For more information, see the EPIC SSN Page. (Jul 10)

Credit Agencies Perpetuate Inaccurate Consumer Reports. In a submission to a Senate Banking Committee hearing on the Fair Credit Reporting Act, EPIC highlighted structural flaws in the credit reporting system that lead to inaccuracy and consumer frustration. Credit reporting representatives are required to complete 100 consumer files a day and are encouraged not to take simple steps that could resolve disputes. For more information, see the EPIC FCRA Page. (Jul. 10)

EPIC Testifies on Credit Reporting Privacy. In testimony before the House Financial Services committee, EPIC Deputy Counsel Chris Jay Hoofnagle urged lawmakers to strengthen privacy and accountability provisions in the Fair Credit Reporting Act. Nine leading consumer and civil liberties groups joined the testimony. EPIC also obtained new documents (pdf) under the FOIA indicating that consumer complaints to the Federal Trade Commission regarding the credit reporting agencies have increased dramatically. For more information, see the EPIC FCRA Page. (Jul. 9)

RFID Developers Public Relations Plans Revealed.Consumers Against Supermarket Privacy Invasion and Numbering has located a number of internal public relations documents that discuss how Radio Frequency Identification (RFID) developers plan to "neutralize opposition" to the technology. The documents, prepared by Fleishman-Hillard, suggest that, "Political climate and shifting public perception require a proactive plan thatÖmitigates possible public backlash" to RFID adoption. For more information, see the EPIC RFID Page. (Jul. 7)

ICANN Considers WHOIS in Montreal Meeting. The Internet Corporation for Assigned Names and Numbers (ICANN) recently met in Montreal and discussed WHOIS issues. During the public participation session, EPIC pointed out that there are various types of registrants, and that sensible policies governing WHOIS should consider non-commercial and individual Internet speakers. The President of ICANN closed the workshop with recommending that ICANN groups and constituencies work together to prioritize WHOIS issues and develop a work program. EPIC is serving on the WHOIS Privacy Steering Committee that will work to devise such a program. See EPIC's WHOIS page for more information. (Jul. 1)

FCC Approves Telemarketing No Call Registry.The Federal Communications Commission has authorized a national telemarketing do-not-call registry that will be operated in conjunction with the Federal Trade Commission. Individuals can enroll in the registry online starting Friday, June 27, 2003. It is estimated that individuals who enroll in the registry will experience a 70% reduction in telemarketing calls. The new rules also require written consent from an individual before a business can send a "junk fax." EPIC filed detailed comments on the new rules that were joined by a coalition of consumer groups. For more information, see the EPIC Telemarketing Page. (Jun. 26)

Supreme Court Invalidates Sodomy Law. The U.S. Supreme Court issued a decision today that invalidated a Texas sodomy law. The decision reverses the Court's 1986 holding where sodomy laws were upheld, and is likely to invalidate laws in twelve other states that regulate the activities of adults that occur within the privacy of the home. Justice Kennedy wrote: "Liberty presumes an autonomy of self that includes freedom of thought, belief, expression, and certain intimate conduct." He concluded, "As the Constitution endures, persons in every generation can invoke its principles in their own search for greater freedom." For more information, see the EPIC Gender and Privacy Page. (Jun. 26)

EPIC Urges Opt-In for Affiliate Sharing. In a submission to the Senate Banking Committee Hearing on Affiliate Sharing and the Fair Credit Reporting Act, EPIC argued that Congress should adopt an opt-in standard for affiliate sharing of personal information. The size of modern financial institutions has diminished individuals' control over their personal information, leading to fraudulent telemarketing and heightened risk of identity theft. For more information, see the EPIC FCRA and Preemption Pages. (Jun. 26)

Supreme Court Upholds Library Filtering Law. The U.S. Supreme Court today held that public libraries can be required to install software designed to block sexually explicit Web sites. The decision upholds the Children's Internet Protection Act, which requires the installation of filtering software on computers in libraries that receive federal support. EPIC's publication, Filters & Freedom 2.0, details the free expression implications of filtering technologies. EPIC served as co-counsel in the constitutional challenge and maintains an archive of relevant materials, including the five separate opinions issued by the Supreme Court. (June 23)

EPIC Comments on FTC Info Workshop. In comments submitted to the Federal Trade Commission's Information Flows Workshop, EPIC argued that there is strong support for Fair Information Practices to address business uses of personal information, and that businesses have used personal information to limit consumer choice, to raise prices, and to engage in fraud. The comments also question the integrity of industry-funded academics who have employed dubious research methods and specious arguments to stymie privacy regulations. EPIC's submission included an paper by Robert Gellman on the costs of not protecting privacy, and a law review article by Elizabeth Warren discussing the integrity of industry-funded academic groups, such as the Credit Research Center. For more information, see the EPIC Consumer Profiling Page. (Jun. 18)

Appeals Court Upholds DOJ's Secret Arrests. In a divided opinion (pdf), the D.C. Circuit Court of Appeals has endorsed the Justice Department's efforts to keep secret the identities of hundreds of individuals detained after the September 2001 terrorist attacks. The decision comes in a Freedom of Information Act case in which EPIC is a plaintiff and co-counsel. In a dissenting opinion, Judge David Tatel says the majority decision "eviscerates both FOIA itself and the principles of openness in government that FOIA embodies." The Justice Department's Inspector General issued a report (pdf) earlier this month that sharply criticized the Department's handling of the detainees. For background, see EPIC's page on CNSS v. DOJ. (Jun. 17)

EPIC Testifies on Medical Privacy, FCRA, Preemption. In testimony (pdf) before the House Financial Services Subcommittee on Credit, EPIC Executive Director Marc Rotenberg urged the Congress to increase protections for medical privacy in the Fair Credit Reporting Act. EPIC called for opt-in protections for affiliate sharing of personal information, and for an end to preemption of state law in the FCRA. Rotenberg concluded, "As we enter the twenty-first century, it is clear that privacy protection is one of great issues facing the nation and that the states have a central role to play." For more information, see the EPIC FCRA and Preemption Pages. (Jun. 17)

EPIC Sues for Air Profiling Info. EPIC today filed suit (pdf) against three federal agencies, seeking disclosure of information concerning the controversial CAPPS II airline passenger profiling system. Named as defendants in the FOIA case are the Department of Homeland Security, the Transportation Security Administration and the Department of Defense. See EPIC's press release for more details and EPIC's Passenger Profiling page for background information. (June 11)

EPIC Testifies on Int'l Fraud, Privacy. EPIC Executive Director Marc Rotenberg testified today before the Senate Commerce Committee on the need to address the problem of cross-border fraud while preserving important civil liberties safeguards. The Congress is considering an FTC proposal that will enable cooperation among consumer agencies around the world to combat cross-border fraud. Rotenberg supported the effort, but said that provisions that would reduce privacy safeguards, limit government oversight, and diminish legal safeguards should be removed. Capitolhearings.org will broadcast a live feed of the testimony. (June 11)

EPIC Experts Examine Technology and Privacy. On Monday, June 2, EPIC explored the theme of Privacy and Technology: Looking Back, Looking Ahead at the National Press Club in Washington, DC During this public conference, legal, policy, and technical experts discussed the legacy of George Orwell, the challenge of new technologies as they relate to privacy and surveillance, the role of law in safeguarding civil liberties, and the role of technology in safeguarding civil liberties. June 25, 2003 marks the 100th anniversary of Orwell's birth. (June 6)

EPIC Testifies at Senate Spam Hearing. The Senate Commerce Committee explored Unsolicited Commercial Email, or "spam," at a hearing on May 21st. EPIC Executive Director Marc Rotenberg testified on the need for strong, effective measures to reduce spam. EPIC favors "opt-in" mailing lists, a private right of action for consumers, and freedom for states to pursue spammers, combined with technical measures and international cooperation. For more information, see EPIC Spam page. (May 20)

Info Awareness Report Due. The Department Defense research agency is expected to submit a report to Congress day on the Total Information Awareness program. In February Congress suspended funding for the surveillance program and required the Defense Department to describe the project's privacy implications. An EPIC lawsuit has produced contractor documents that reveal key projects on monitoring and tracking individuals in the United States. For more information, see EPIC's Total Information Awareness Page. (May 20)

FBI Legal Memo Describes Use of Private Databases. A FBI memorandum (380k pdf) obtained by EPIC under a Freedom of Information Act lawsuit discusses use of private sector databases for intelligence investigations. The memo concludes that FBI agents may use the databases without violating the Attorney General's Guidelines. A separate presentation (184k pdf) claims that the FBI has increased its use of such databases by 9,600% since 1992. For more information, see the EPIC Public Records and Attorney General's Guidelines Pages. (May 13)

ChoicePoint Constructing "Central Biometric Authority." Documents filed in a federal lawsuit in Georgia show that ChoicePoint has contracted with the International Biometric Group to create a "central biometric authority" for identity verification. According to the complaint (600k pdf) and answer (700k pdf), the central biometric authority is to perform "secure and standardized acquisition, matching, and indexing of biometric data." For more information, see the EPIC Biometrics and Workplace Privacy Pages. (May 13)

New Passport Flaw Found. A computer researcher in Pakistan has found a new flaw in Microsoft Passport that could expose personal information, including credit card numbers, for 200 million Internet users. In July and August 2001, EPIC and a coalition of consumer advocacy groups filed detailed complaints (available as PDF files) with the Federal Trade Commission (FTC) about the privacy risks associated with the Passport identification and authentication system. The FTC found that the Microsoft representations about Passport constituted an unfair and deceptive trade practice and settled the action against Microsoft. The agreement (pdf) required that Microsoft establish a comprehensive information security program for Passport, and that it must not misrepresent its practices of information collection and usage. For more information, see the FTC's complaint (pdf), and the EPIC Passport Investigation Page. (May 8)

FISA Wiretaps At All-Time High. According to the 2002 FISA Annual Report from the Attorney General, "All 1228 applications presented to the Foreign Intelligence Surveillance Court in 2002 were approved." In 2001, 934 applications were approved. Background on the Foreign Intelligence Surveillance Act at the EPIC FISA Page. (May 1)

FTC Holds Spam Forum. The Federal Trade Commission (FTC) has begun a three-day conference on spam. In anticipation of the event, the FTC released a study finding that 66% of spam in their sample contained a false claim. EPIC Deputy Counsel Chris Hoofnagle is participating in the forum on a panel addressing "Falsity in Sending of Spam." For more information, see the EPIC Spam Page. (Apr. 30)

Coalition Alleges Children's Privacy Violation. EPIC and 11 consumer organizations alleged in a complaint to the Federal Trade Commission (FTC) today that Amazon.com has illegally collected and disclosed children's personal information in violation of the Children's Online Privacy Protection Act (COPPA). The FTC has taken action in previous cases where companies direct web sites towards children and collect the personal information of children. For more information, see the press release and EPIC COPPA Page. (Apr. 22)

EPIC FOIA Docs Spark International Inquiry.Documents (pdf) obtained by EPIC under the Freedom of Information Act have sparked international inquiries into the sale of personal information to ChoicePoint, an information brokerage company. Additional documents (pdf) show ChoicePoint's databases that were marketed to the U.S. government, which include citizen registry, motor vehicle, and other information for Brazil, Argentina, Mexico, Columbia, and Costa Rica. Mexican officials and the President of Nicaragua have announced that they will begin investigations. For more information, see the EPIC Public Records and Profiling Pages. (Apr. 16)

EPIC Establishes Privacy Threat Index. The Electronic Privacy Information Center announced today that it was establishing a new Privacy Threat Index to track the growing threat to privacy resulting from the expansion of government surveillance. Based on developments during the past year, EPIC assessed the current level as Yellow. Update: Homeland Security index reduced, EPIC Privacy Threat Index remains unchanged.(Apr. 16)

Coalition Urges Accuracy for FBI Database - Online Petition Drive Continues. More than eighty organizations across the United States have endorsed a letter urging the reestablishment of accuracy requirements for the FBI's National Crime Information Center (NCIC), the nation's largest criminal justice database. While the deadline for organizations to sign on to the letter has passed, individuals are still encouraged to sign on to the online petition. (Apr. 8)

EPIC Opposes Preemption of State Privacy Enforcement. In comments to the Office of the Comptroller of the Currency, EPIC argued that the agency lacks the legal authority to prevent states from enforcing consumer protection and privacy laws against banks and their affiliates. The EPIC comments respond to the agency's proposed rule (pdf) that interprets the OCC's "visitorial powers" so broadly that states could not enforce their own consumer protection and privacy laws against banks. (Apr. 8)

Benetton: No Microchips in Clothes (Yet). Italian-based clothing company Benetton announced that it has not put Radio Frequency Identification (RFID) tags in its clothing, despite some reports to the contrary. The company said it will undertake a study of the tracking technology, "including careful analysis of potential implications relating to individual privacy." Consumers Against Supermarket Privacy Invasion and Numbering had organized an anti-RFID boycott of the international clothes manufacturer and vendor. For more information, see Junkbusters' page on RFID. (Apr. 7)

EPIC Obtains More Info on Total Info Awareness. An EPIC lawsuit (pdf) has resulted in the release of more documents (pdf) about Total Information Awareness. The most recent disclosures provide details on specific projects, including deliverables and timelines. For more information, see the updated table of contractors. (Apr. 4)

EPIC Suit Uncovers Watchlist Errors. EPIC has uncovered agency documents through the Freedom of Information Act that raise important questions about how the Transportation Security Administration currently operates the "No-Fly" watchlist. The concerns surrounding the agency's administration of the list previews several potential problems with the proposed roll out of CAPPS-II, the Enhanced Computer Assisted Passenger Pre-screening System. For more information, see EPIC's analysis of the FOIA documents. (Apr. 1)

ICANN Adopts Non-Privacy WHOIS Policies. The Internet Corporation for Assigned Names and Numbers (ICANN) adopted the WHOIS Task Force's policies on accuracy and bulk access of WHOIS data. ICANN also directed its President to appoint a President's Standing Committee on Privacy to monitor the implications of existing and proposed ICANN policies on the handling of personal data. In the meantime, ICANN's Generic Names Supporting Organization initiated a policy development process that may lead to the creation of a new privacy task force that would serve to adequately address WHOIS-related privacy issues. See EPIC's page on WHOIS and Privacy for more information. (Mar. 31)

EPIC Criticizes Profiling at EP Hearing. At a European Parliament Committee on Citizens' Freedoms and Rights hearing on traveler profiling in Brussels, EPIC submitted a statement (pdf) identifying the threats that extensive US profiling programs raise for European and American travelers' privacy. These threats include reversal of the presumption of innocence, widespread spying and third party data sharing, long-term retention of passenger records, lack of access and judicial remedies, and absence of public oversight. See EPIC's page on Surveillance of European Air Travelers. (Mar. 27)

Coalition Asks Congress to Stop Air Profiling. EPIC joined a broad coalition of national organizations urging Congress to stop the deployment of the Transportation Security Administration's second-generation airline passenger profiling system known as CAPPS-II (Computer Assisted Passenger Pre-Screening System). The coalition letter asks Congress to carefully and deliberately assess the program's effectiveness as a security measure, its cost in economic terms, and its impact on civil liberties before allowing the agency to move forward with the surveillance program. For more information, see EPIC's Passenger Profiling page. (Mar. 26)

EPIC Urges Privacy Act Rules for Data Miners. In comments submitted for a hearing before the House Government Reform Subcommittee on Information Policy, EPIC described risks to privacy and civil liberties posed by data mining. Relying upon documents obtained through the Freedom of Information Act, EPIC argued that since the government obtains volumes of personal information from private-sector companies, Congress should extend the Privacy Act to cover commercial information brokers. For more information, see the EPIC Public Records and Consumer Profiling Pages. (Mar. 25)

Groups Oppose Marketing of Tax Information. EPIC and a coalition of consumer groups submitted a letter (pdf) to the Department of the Treasury warning the agency that commercial tax preparation companies participating in the IRS Free File program are using confidential taxpayer information to market financial products and services to individuals. For more information, see the press release. (Mar. 25)

EPIC/ACLU Challenge PATRIOT Act Secrecy. In a legal memorandum (pdf) filed with the federal court in Washington, EPIC and the American Civil Liberties Union challenge the Justice Department's refusal to disclose basic, statistical information concerning implementation of the controversial USA PATRIOT Act. For background information and copies of DOJ and FBI documents that have been obtained, see EPIC's PATRIOT Act FOIA Litigation page. (Mar. 24)

EPIC Issues Privacy Report on WHOIS. Current policies for the .COM/.ORG/.NET top-level domains require the publication of personal information, such as a registrant's mailing address, email address, telephone number, and fax number. EPIC's WHOIS Privacy Issues Report (pdf), issued as ICANN considers new policies for WHOIS data, recommends that WHOIS policies follow the Organization for Economic Cooperation and Development Privacy Guidelines. The OECD Privacy Guidelines reflect an international consensus on privacy protection for transborder dataflows that directly implicates WHOIS policies and practices. See EPIC's new page on WHOIS and Privacy for more information. (Mar. 19)

EPIC Launches FOIA Gallery. In celebration of Freedom of Information Day, EPIC has created the Online FOIA Gallery 2003. The Web site provides scanned images of documents obtained by EPIC through the Freedom of Information Act, including evidence of the misuse of the Foreign Intelligence Surveillance Act, video monitoring of political protesters in Washington, DC, and the names and project titles of the organizations receiving funding from John Poindexter for research on Total Information Awareness. (Mar. 14)

Senators Want Answers on Air Profiling. The Senate Commerce Committee has unanimously agreed to an amendment (pdf) by Sen. Ron Wyden (D-OR) that would require the Transportation Security Administration to report to Congress on the privacy and civil liberties implications of the controversial CAPPS-II air passenger profiling system. See EPIC's Air Travel Privacy page for background information. (Mar. 13)

EP Opposes Passenger Data Disclosure. An overwhelming majority of the European Parliament has adopted a resolution opposing a data disclosure arrangement (pdf) agreed upon by the European Commission and the US on February 17-18. The arrangement allows European airlines to transfer airline passenger data to US Customs. Parliament has stated that this arrangement has no legal basis, and believes that it could cause the US administration to enter "de facto 'data-mining' territory." The resolution questions the legal legitimacy of this kind of data disclosure in both the European Union and the US. For more information, see EPIC's page on Surveillance of European Air Travelers. (Mar. 13)

"Fix" Proposed for New FOIA Exemption. Several U.S. Senators have introduced legislation to narrow the broad FOIA exemption for "critical infrastructure protection" information that Congress included in the Homeland Security Act. In Congressional testimony last year, EPIC warned that the broad exemption could hamper public oversight of the new Department of Homeland Security. (Mar. 12)

Court Strikes Down Censorship Law (Again). The Third Circuit Court of Appeals has, for the second time, ruled that the Child Online Protection Act (COPA) is unconstitutional. In a decision (pdf) issued on March 6, the court found that the law violates the First Amendment because it improperly restricts access to a substantial amount of online speech that is lawful for adults. The decision follows a Supreme Court decision that sent the case back to the appeals court, which had previously ruled that COPA was unconstitutional. EPIC is co-counsel in the case and maintains a COPA Litigation page with background material. (Mar. 7)

Sup. Ct. Upholds Sex Offender Registry Laws. In Smith v. Doe (pdf), the Supreme Court ruled that the Alaska Megan's Law statute, which requires sex offenders to have their pictures and addresses put on the Internet, even though it was retroactively applied, does not violate the Ex Post Facto Clause of the Constitution because the statute is not a punitive civil regulation. EPIC argued in an amicus curiae brief (pdf) that the mandatory online dissemination of sex offender information is excessive when weighed against the statutory purpose of protecting people in the geographic vicinity of released offenders, and therefore unconstitutional. Justice Stevens and Justice Ginsburg wrote dissenting opinions. In a similar case (Connecticut Dept. of Public Safety v. Doe (pdf)), a unanimous Court held that inclusion in a public sex offender registry, without a separate hearing on the offender's risk to the community, does not violate the Due Process Clause of the Constitution. See the EPIC Megan's Law page. (Mar. 5)

Air Travel Profiling Violates EU Privacy Laws. The US government has pressured European Union authorities to allow European airlines to disclose passenger information. A new agreement (pdf) (also available in HTML from Statewatch) makes medical, ethnic and religious information available to US law enforcement. The agreement violates EU data protection laws because the disclosure is excessive and does not provide adequate privacy safeguards. See EPIC's new page on Surveillance of European Air Travelers. (Mar. 5)

EPIC Comments on Biometrics Specification. The Organization for the Advancement of Structured Information Standards (OASIS) has developed an XML Common Biometric Format 1.0 Committee Specification. This is a standard schema for biometrics, including information that verifies identity based on human characteristics, such as fingerprints, iris scans, hand geometry, and DNA. Drawing a distinction between security and privacy, EPIC submitted comments on the specification, stating that while it may respect security standards, it cannot be fairly or accurately described as respecting or achieving privacy. EPIC recommends that OASIS conduct further research on the implementation of privacy safeguards within the specification. (Mar. 5)

Supreme Court to Consider Internet Filtering. The U.S. Supreme Court will hear oral arguments on March 5 in the constitutional challenge to the Children's Internet Protection Act. A lower court struck down the law, which requires libraries receiving federal Internet subsidies to install filtering software on all computers. EPIC is co-counsel in the case and maintains a CIPA Litigation page. Also see EPIC's Filters & Freedom 2.0, a collection of essays on the free speech impact of content control technology. (Mar. 4)

Supreme Court Won't Decide FOIA Case. The U.S. Supreme Court has decided (pdf) not to consider a pending case that pitted gun owner privacy interests against the public's right to know. The Court was scheduled to hear oral arguments in BATF v. City of Chicago on March 4, but has sent the case back to the lower court to consider the effect of a recently enacted legislative provision that prohibits the BATF from expending funds to disclose records concerning gun ownership. EPIC had filed an amicus brief (pdf) arguing that, through the use of technology, the government could encode personal information before releasing it, thereby permitting public oversight of government activities while protecting individual privacy rights. (Feb. 27)

Surveillance Oversight Act Introduced. Members of the Senate Judiciary Committee have introduced the Domestic Security Oversight Act (pdf). The bill would increase the public reporting requirements of the Department of Justice on its implementation of the Foreign Intelligence Surveillance Act. The American Bar Association has also urged (pdf) better public reporting regarding the FISA. An interim report by the bill sponsors (pdf) on the FBI's use of the FISA details major problems with its implementation. See EPIC's FISA page for more information. (Feb. 25)

EPIC Comments on Air Travel Database. EPIC submitted comments on a Transportation Security Administration proposal (pdf) to create a new database of Aviation Security Screening Records on all airline passengers. EPIC argued that the proposed system did not provide sufficient information for the public to contribute meaningfully to this rule-making procedure, and that the proposed system would infringe on the Constitutional right of association and travel. (Feb. 24)

NH Supreme Court: Information Sellers May Be Liable for Amy Boyer's Death. The New Hampshire Supreme Court has held that information brokers and private investigators can be liable for the harms caused by selling personal information. In the case, a young woman was murdered by a stalker who obtained her personal information from information brokers and private investigators. EPIC submitted an amicus brief in the case supporting greater privacy protections against pretextual calling and the sale of Social Security Numbers. For more information, see the EPIC Amy Boyer Page. (Feb. 18)

Congress Nears Passage of "Do-Not-Call" Bill. By a 418-7 vote, the House of Representatives passed telemarketing legislation that will allow the FTC to operate a national Do-Not-Call list. The DNC list is supported by the Bush Administration, and the Senate is likely to approve telemarketing legislation this week. For more information, see the EPIC Telemarketing Page. (Feb. 13)

Congress Limits Pentagon Spy Program. The New York Times reports that Members of a House-Senate Conference have adopted Senator Wyden's Amendment limiting the Total Information Awareness (TIA) program. Funding will terminate for the program unless DARPA submits a detailed report to Congress within 90 days. Additionally, TIA cannot be deployed against US Citizens without Congressional approval. For more information, see the EPIC TIA Page. (Feb. 12)

American Bar Association Urges FISA Oversight. The American Bar Association has adopted a resolution calling on Congress to conduct oversight of the Foreign Intelligence Surveillance Act to ensure that government investigations do not violate Constitutional protections. The ABA also urged Congress to require annual reports for FISA investigations, comparable to those required by the federal wiretap act. The ABA action follows a controversial decision by the Foreign Intelligence Court of Review. (Feb. 11)

"PATRIOT II" Draft Obtained. The Center for Public Integrity has obtained draft legislation titled the "Domestic Security Enhancement Act of 2003." The legislation would expand surveillance powers and access to private data while limiting access to information held by the government. For more information, see the EPIC USA PATRIOT Act Page. (Feb. 7)

Defense Dept. Proposes Advisory Panels. The Secretary of Defense has announced the creation of two advisory boards to provide guidance on the Total Information Awareness (TIA) project of the Defense Advanced Research Projects Agency (DARPA). The proposal comes just as a Senate proposal that would require Congressional oversight over the TIA project is being considered by a House-Senate conference committee. The DOD proposal appears intended to deflect Congressional scrutiny. For more information, see EPIC's TIA page. (Feb. 7)

EPIC to Sup. Ct.: Protect Privacy and Open Gov't. EPIC, joined by 16 legal scholars and technical experts, today filed an amicus brief [PDF] in BATF v. City of Chicago, a Freedom of Information Act case pending in the U.S. Supreme Court. The brief argues that, through the use of technology, the government can encode personal information before releasing it, thereby permitting public oversight of government activities while protecting individual privacy rights. EPIC tells the Court that the enactment of "electronic" FOIA legislation in 1996 constitutes a congressional recognition that technology can be employed to enhance open government. See EPIC's BATF v. City of Chicago page for additional information. (Feb. 5)

EPIC Criticizes Gov't Rule on Citizen Travel. EPIC has filed comments [PDF] on the Immigration and Naturalization Service (INS)'s proposed rule to collect passenger manifest information on all international travelers, including American citizens and legal permanent residents. The comments argue that the proposed rule is legally deficient because the INS has not complied with the Privacy Act in creating this new "system of records." EPIC has asked the INS to reissue its notice and meet the requirements of the Privacy Act. The comments also note that, by collecting and sharing travel data about citizens, the INS is placing a burden on the right to travel and the rights of anonymous association. For more information, see EPIC's Air Travel Privacy page. (Feb. 4)

European Commission Orders Microsoft to Modify Passport.In a report [PDF] on online authentication services, the EU Working Party on Data Protection has identified several areas where Microsoft's Passport has violated EU data protection rules. As a result, Microsoft has agreed to make substantial changes to Passport. EC Commissioner Bolkestein said that companies will need to follow the Working Party Guidelines for future services. The report also discusses the Liberty Alliance Project system, and establishes guidelines on the implementation of future online authentication systems. In July and August 2001, EPIC and a coalition of consumer advocacy groups filed complaints [available in PDF] with the FTC, detailing the privacy risks associated with Passport. Those complaints resulted in an investigation and consent order with Microsoft. For more information, see the EPIC Microsoft Passport Investigation Docket, EPIC's Microsoft Passport Page, and EPIC's Liberty Alliance Page. (Jan 30)

Senate Limits Total Information Awareness System. Senators led by Ron Wyden (D-OR) accepted Amendment 59 to a spending bill that will suspend the development of the Total Information Awareness (TIA) system. Funding for development of TIA will end 60 days after the passage of the bill unless the intelligence community submits a detailed report to Congress on the privacy and civil liberties implications of the system. The amendment further requires Congressional authorization before TIA is deployed by any agency. However, exceptions in the amendment allow President Bush to approve continued funding for TIA, and the use of TIA for military operations outside the United States. For a history of the campaign against TIA, visit the EPIC TIA Page. (Jan. 24)

European Parliament Coalition Opposes Data Retention. A multi-party group of 38 European Parliament members have recommended that the European Council abandon its data retention plans to monitor people's private communications. The group pushed for alternative solutions to fight crime, condemned the practice of data retention as violating international laws, and argued for strict limits to the storage and use of communications for law enforcement. (Jan. 22)

EPIC Wins FOIA Lawsuit Against Pentagon on Poindexter Records. U.S. District Judge John Bates today issued a decision [PDF] that rejects the Defense Department's attempt to impose financial obstacles to EPIC's requests under the Freedom of Information Act. The court ruled that EPIC is entitled to "preferred fee status" under the FOIA and ordered the Pentagon to "expeditiously" process EPIC's almost year-old request for information concerning Admiral John Poindexter and the Information Awareness Office. (Jan. 16)

EPIC Joins Call for Halt to "Total Info Awareness." In a letter to Congress [PDF], EPIC and a diverse coalition of civil liberties organizations today called for a prohibition on further development of the controversial Total Information Awareness project. Citing the privacy implications of the Pentagon's proposed domestic surveillance system and other "data mining" initiatives, the groups said that "Congress should put such programs on hold and ask the tough policy questions up front, long before domestic surveillance systems scoop up Americans' personal information." See EPIC's Total Information Awareness page for background. (Jan. 14)

Senators Pose Data Mining Questions to Ashcroft. In a seven-page letter [PDF] to Attorney General John Ashcroft, three members of the Senate Judiciary Committee have asked for detailed information on "current 'data mining' operations, practices and policies at the Department of Justice." The request includes information concerning DOJ involvement in the controversial Total Information Awareness project at the Defense Department. Also, Senator Tom Harkin today asked the Senate Defense Appropriations Subcommittee to call on Adm. John Poindexter to testify on the secretive TIA project which he directs. For examples of the types of information available to the government in private sector databases, see EPIC's Public Records and Privacy and Profiling and Privacy pages. (Jan. 13)

INS Seeks Info on Citizens Who Travel. The Immigration and Naturalization Service (INS) has proposed a new rule that would require all individuals leaving or entering the United States -- including U.S. citizens -- to provide certain personal information to the government. The required data would include complete name, date of birth, address and passport number. Such identification requirements currently apply only to non-resident aliens. Public comments on the proposed rule may be submitted until February 3. (Jan. 7)

Court Rules for EPIC in Homeland Security FOIA Case. U.S. District Judge Colleen Kollar-Kotelly has issued a decision [PDF] permitting EPIC to pursue discovery concerning the "nature of the authority" delegated to the Office of Homeland Security (OHS) and its Director, Tom Ridge. The ruling comes in response to a Freedom of Information Act lawsuit filed by EPIC after OHS took the position that it is not subject to the open government law. (Jan. 2)